package cn.ac.sec.interceptor;

import java.io.Serializable;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

public class LoginInterceptor extends HandlerInterceptorAdapter {

	@Override
	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
			throws Exception {
		String authorization = request.getHeader("Authorization");
		System.err.println(authorization+"!@#$#$%^&*(*&^%$#@#$%^&");
		if(StringUtils.isEmpty(authorization)) {
			response.sendError(401);
			return false;
		}
		Subject subject = SecurityUtils.getSubject();
		Serializable sessionId = subject.getSession().getId();
		System.err.println(authorization.equals(sessionId));
		if(authorization.equals(sessionId)) {
			return true;
		} else {
			response.sendError(401);
			return false;
		}
		
	}

}
